Apr 11, 2022 - 2:41 p.m.

CVE-2022-1006 Advanced Booking Calendar < 1.7.1 - Admin+ SQLi

2022-04-11 14:41:04
CWE-89
WPScan
www.cve.org

EPSS: 0.001 (Low), percentile 41.2%

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks.

CNA Affected

[
  {
    "product": "Advanced Booking Calendar",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.7.1",
        "status": "affected",
        "version": "1.7.1",
        "versionType": "custom"
      }
    ]
  }
]
